Data Center Security Spending Rises

Organizations that run their own data centers will spend an average of $17 million on security products this year, according to a new survey—an increase of more than $2 million.

Companies that operate their own data centers will spend an average of $17 million on security products in 2013, according to a new survey from Infonetics Research. That's up from $14.6 million last year. Infonetics surveyed 104 large North American companies that operate their own data centers.

The top drivers of those purchases cited by respondents were the need to protect virtualized servers, upgrade security products to match network performance and obtain new threat protection technologies.

The survey indicated that much of the spending on data center security will go toward virtual appliances that support intrusion prevention systems and do a better job of securing messaging systems, applications and websites; however, companies will continue to invest in hardware infrastructure for supporting DDoS mitigation and firewalls.

Firewalls were ranked as the most effective security technology, just ahead of data encryption, in the forthcoming InformationWeek 2013 Strategic Security Survey, which tallied responses from 1,029 IT security pros at companies with 100 or more employees.

The InformationWeek survey also asked respondents which sources for breaches or espionage present the greatest threat. Of the 12 options offered, cybercriminals topped the list. However, employees/insiders were a close second, and were ranked as a greater threat than application vulnerabilities, hacktivists and foreign governments. That's a clear indication of the risk that authorized users can present to an organization.

The full results of the survey will be available in several weeks. You can also find 2012's Strategic Security Survey here (registration required).

Security Opens Doors for Upstarts

Big-name suppliers such as Cisco, McAfee, HP, Juniper and Trend Micro continue to be regarded as the top vendors according to the Infonetics research, but upstarts like Fortinet and Palo Alto Networks will claim an increasing piece of the data center security pie.

Jeff Wilson, principal analyst for security at Infonetics, said in an email interview that improved performance and efficacy, as well as cost effectiveness, are among the factors driving data center operators to purchase technology from less-proven vendors.

In response, the more established vendors will do their best to add the desired functionalities, says Wilson, but challengers have the advantage of having been able to bake newer security schemes into their products from the outset.

"In any market, larger vendors have to keep adding on to existing solutions, and in many cases those solutions weren't architected for the scale and complexity of data center environments, nor were many of them built with virtualization or cloud infrastructure in mind," Wilson said via email.

[ Join us at Interop Las Vegas for access to 125+ IT sessions and 300+ exhibiting companies. Register today! ]

"While large vendors will retrofit existing solutions are add bolt-on solutions for many data center security problems, new vendors have the opportunity to build something from the ground up designed for a modern data center."

The bottom line for data center operators is that the bad guys are winning more often than ever, and new tools are needed if they're going to re-architect their security environments, as no single vendor can protect them on the journey from big iron security gear to virtual appliances.

"They've made investments in security, but are attacked (and compromised) far too frequently because the hackers are ahead of the enforcement curve," said Wilson. "So they're looking for solutions that provide revolutionary improvements in security efficacy."

Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.